Revert "SERVER-67660 Add JWKManager"

This reverts commit 338cdd44e47e18ec40fae28d41de2d3822c28136.

(cherry picked from commit ba91e172b1ab0430b8bc72720b510d595069968d)

8 files changed, 17 insertions, 354 deletions

diff --git a/src/mongo/crypto/SConscript b/src/mongo/crypto/SConscript
index 86e457a0f40..af457d27050 100644
--- a/src/mongo/crypto/SConscript
+++ b/src/mongo/crypto/SConscript
@@ -156,30 +156,3 @@ env.CppUnitTest(
         'sha_block_${MONGO_CRYPTO}',
     ],
 )
-
-env.Library(
-    target='jwt',
-    source=[
-        'jwt_types.idl',
-        'jwk_manager.cpp',
-    ],
-    LIBDEPS=[
-        '$BUILD_DIR/mongo/base',
-    ],
-    LIBDEPS_PRIVATE=[
-        '$BUILD_DIR/mongo/idl/idl_parser',
-        'rsa_public_key',
-    ],
-)
-
-env.CppUnitTest(
-    target='jwt_test',
-    source=[
-        'jwt_test.cpp',
-    ],
-    LIBDEPS=[
-        '$BUILD_DIR/mongo/base',
-        'jwt',
-        'rsa_public_key',
-    ],
-)
diff --git a/src/mongo/crypto/jwk_manager.cpp b/src/mongo/crypto/jwk_manager.cpp
deleted file mode 100644
index f93648f640c..00000000000
--- a/src/mongo/crypto/jwk_manager.cpp
+++ /dev/null
@@ -1,92 +0,0 @@
-/**
- *    Copyright (C) 2022-present MongoDB, Inc.
- *
- *    This program is free software: you can redistribute it and/or modify
- *    it under the terms of the Server Side Public License, version 1,
- *    as published by MongoDB, Inc.
- *
- *    This program is distributed in the hope that it will be useful,
- *    but WITHOUT ANY WARRANTY; without even the implied warranty of
- *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *    Server Side Public License for more details.
- *
- *    You should have received a copy of the Server Side Public License
- *    along with this program. If not, see
- *    <http://www.mongodb.com/licensing/server-side-public-license>.
- *
- *    As a special exception, the copyright holders give permission to link the
- *    code of portions of this program with the OpenSSL library under certain
- *    conditions as described in each individual source file and distribute
- *    linked combinations including the program with the OpenSSL library. You
- *    must comply with the Server Side Public License in all respects for
- *    all of the code used other than as permitted herein. If you modify file(s)
- *    with this exception, you may extend this exception to your version of the
- *    file(s), but you are not obligated to do so. If you do not wish to do so,
- *    delete this exception statement from your version. If you delete this
- *    exception statement from all source files in the program, then also delete
- *    it in the license file.
- */
-
-#include "mongo/crypto/jwk_manager.h"
-
-#include "mongo/bson/json.h"
-#include "mongo/crypto/jwt_types_gen.h"
-#include "mongo/logv2/log.h"
-#include "mongo/util/base64.h"
-
-#define MONGO_LOGV2_DEFAULT_COMPONENT ::mongo::logv2::LogComponent::kAccessControl
-
-namespace mongo::crypto {
-namespace {
-constexpr auto kMinKeySizeBytes = 512 >> 3;
-
-// Strip insignificant leading zeroes to determine the key's true size.
-StringData reduceInt(StringData value) {
-    std::size_t ofs = 0;
-    while ((ofs < value.size()) && (value[ofs] == 0)) {
-        ++ofs;
-    }
-    return value.substr(ofs);
-}
-
-}  // namespace
-
-JWKManager::JWKManager(BSONObj data) {
-    auto keys = JWKSet::parse(IDLParserContext{"JWKSet"}, data);
-    for (const auto& key : keys.getKeys()) {
-        uassert(ErrorCodes::BadValue,
-                str::stream() << "Only RSA key types are accepted at this time",
-                key.getType() == "RSA"_sd);
-        uassert(ErrorCodes::BadValue, "Key ID must be non-empty", !key.getKeyId().empty());
-
-        // Sanity check so that we don't load a dangerously small key.
-        auto N = reduceInt(key.getN());
-        uassert(ErrorCodes::BadValue,
-                str::stream() << "Key scale is smaller (" << (N.size() << 3)
-                              << " bits) than minimum required: " << (kMinKeySizeBytes << 3),
-                N.size() >= kMinKeySizeBytes);
-
-        // Sanity check so that we don't load an insensible encrypt component.
-        auto E = reduceInt(key.getE());
-        uassert(ErrorCodes::BadValue,
-                str::stream() << "Public key component invalid: " << base64url::encode(key.getE()),
-                (E.size() > 1) || ((E.size() == 1) && (E[0] >= 3)));
-
-        auto keyId = key.getKeyId().toString();
-        uassert(ErrorCodes::DuplicateKey,
-                str::stream() << "Key IDs must be unique, duplicate '" << keyId << "'",
-                _keys.find(keyId) == _keys.end());
-
-        LOGV2_DEBUG(6766000, 5, "Loaded JWK Key", "kid"_attr = key.getKeyId());
-        _keys.insert({keyId, {key.getKeyId(), {E.rawData(), E.size()}, {N.rawData(), N.size()}}});
-    }
-}
-
-const RsaPublicKey& JWKManager::getKey(StringData keyId) const {
-    auto it = _keys.find(keyId.toString());
-    uassert(
-        ErrorCodes::NoSuchKey, str::stream() << "Unknown key '" << keyId << "'", it != _keys.end());
-    return it->second;
-}
-
-}  // namespace mongo::crypto
diff --git a/src/mongo/crypto/jwk_manager.h b/src/mongo/crypto/jwk_manager.h
deleted file mode 100644
index d44f924314c..00000000000
--- a/src/mongo/crypto/jwk_manager.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- *    Copyright (C) 2022-present MongoDB, Inc.
- *
- *    This program is free software: you can redistribute it and/or modify
- *    it under the terms of the Server Side Public License, version 1,
- *    as published by MongoDB, Inc.
- *
- *    This program is distributed in the hope that it will be useful,
- *    but WITHOUT ANY WARRANTY; without even the implied warranty of
- *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *    Server Side Public License for more details.
- *
- *    You should have received a copy of the Server Side Public License
- *    along with this program. If not, see
- *    <http://www.mongodb.com/licensing/server-side-public-license>.
- *
- *    As a special exception, the copyright holders give permission to link the
- *    code of portions of this program with the OpenSSL library under certain
- *    conditions as described in each individual source file and distribute
- *    linked combinations including the program with the OpenSSL library. You
- *    must comply with the Server Side Public License in all respects for
- *    all of the code used other than as permitted herein. If you modify file(s)
- *    with this exception, you may extend this exception to your version of the
- *    file(s), but you are not obligated to do so. If you do not wish to do so,
- *    delete this exception statement from your version. If you delete this
- *    exception statement from all source files in the program, then also delete
- *    it in the license file.
- */
-
-#pragma once
-
-#include <map>
-#include <string>
-
-#include "mongo/base/string_data.h"
-#include "mongo/bson/bsonobj.h"
-#include "mongo/crypto/rsa_public_key.h"
-
-namespace mongo::crypto {
-
-class JWKManager {
-public:
-    JWKManager() = default;
-    explicit JWKManager(BSONObj data);
-
-    const RsaPublicKey& getKey(StringData keyId) const;
-
-private:
-    std::map<std::string, RsaPublicKey> _keys;
-};
-
-}  // namespace mongo::crypto
diff --git a/src/mongo/crypto/jwt_test.cpp b/src/mongo/crypto/jwt_test.cpp
deleted file mode 100644
index 7de9b048c47..00000000000
--- a/src/mongo/crypto/jwt_test.cpp
+++ /dev/null
@@ -1,85 +0,0 @@
-/**
- *    Copyright (C) 2022-present MongoDB, Inc.
- *
- *    This program is free software: you can redistribute it and/or modify
- *    it under the terms of the Server Side Public License, version 1,
- *    as published by MongoDB, Inc.
- *
- *    This program is distributed in the hope that it will be useful,
- *    but WITHOUT ANY WARRANTY; without even the implied warranty of
- *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *    Server Side Public License for more details.
- *
- *    You should have received a copy of the Server Side Public License
- *    along with this program. If not, see
- *    <http://www.mongodb.com/licensing/server-side-public-license>.
- *
- *    As a special exception, the copyright holders give permission to link the
- *    code of portions of this program with the OpenSSL library under certain
- *    conditions as described in each individual source file and distribute
- *    linked combinations including the program with the OpenSSL library. You
- *    must comply with the Server Side Public License in all respects for
- *    all of the code used other than as permitted herein. If you modify file(s)
- *    with this exception, you may extend this exception to your version of the
- *    file(s), but you are not obligated to do so. If you do not wish to do so,
- *    delete this exception statement from your version. If you delete this
- *    exception statement from all source files in the program, then also delete
- *    it in the license file.
- */
-
-#include "mongo/platform/basic.h"
-
-#include "mongo/crypto/jwk_manager.h"
-#include "mongo/unittest/unittest.h"
-#include "mongo/util/assert_util.h"
-
-namespace mongo::crypto {
-namespace {
-
-// Test key source: RFC 7515 "JSON Web Key" Appendix B.
-constexpr auto k512BitKeyE = "AQAB"_sd;
-constexpr auto k512BitKeyN =
-    "vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08PLbK_PdiVGKPrqzmDIsL"
-    "I7sA25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Qu2j8DsVyT1azpJC_NG84Ty5KKthuCaPod7i"
-    "I7w0LK9orSMhBEwwZDCxTWq4aYWAchc8t-emd9qOvWtVMDC2BXksRngh6X5bUYLy6AyHKvj-nUy"
-    "1wgzjYQDwHMTplCoLtU-o-8SNnZ1tmRoGE9uJkBLdh5gFENabWnU5m1ZqZPdwS-qo-meMvVfJb6"
-    "jJVWRpl2SUtCnYG2C32qvbWbjZ_jBPD5eunqsIo1vQ"_sd;
-
-BSONObj getTestJWKSet(StringData e, StringData n) {
-    BSONObjBuilder set;
-    BSONArrayBuilder keys(set.subarrayStart("keys"_sd));
-
-    {
-        BSONObjBuilder key(keys.subobjStart());
-        key.append("kty", "RSA");
-        key.append("kid", "numberOneKey");
-        key.append("e", e);
-        key.append("n", n);
-        key.doneFast();
-    }
-
-    keys.doneFast();
-    return set.obj();
-}
-
-TEST(JWKManager, parseJWKSetBasic) {
-    // Parse the test JWKSet and pull out numberOneKey, then compare it to the inputs.
-    auto basic = getTestJWKSet(k512BitKeyE, k512BitKeyN);
-    JWKManager manager(basic);
-    auto key = manager.getKey("numberOneKey");
-
-    ASSERT_BSONOBJ_EQ(key.toBSON(), basic["keys"_sd].Obj()[0].Obj());
-}
-
-TEST(JWKManager, parseJWKSetEmptyComponents) {
-    auto emptyE = getTestJWKSet("", k512BitKeyN);
-    ASSERT_THROWS_WHAT(JWKManager(emptyE), DBException, "Public key component invalid: ");
-
-    auto emptyN = getTestJWKSet(k512BitKeyE, "");
-    ASSERT_THROWS_WHAT(JWKManager(emptyN),
-                       DBException,
-                       "Key scale is smaller (0 bits) than minimum required: 512");
-}
-
-}  // namespace
-}  // namespace mongo::crypto
diff --git a/src/mongo/crypto/jwt_types.idl b/src/mongo/crypto/jwt_types.idl
deleted file mode 100644
index 3337fe7b455..00000000000
--- a/src/mongo/crypto/jwt_types.idl
+++ /dev/null
@@ -1,64 +0,0 @@
-# Copyright (C) 2022-present MongoDB, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the Server Side Public License, version 1,
-# as published by MongoDB, Inc.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# Server Side Public License for more details.
-#
-# You should have received a copy of the Server Side Public License
-# along with this program. If not, see
-# <http://www.mongodb.com/licensing/server-side-public-license>.
-#
-# As a special exception, the copyright holders give permission to link the
-# code of portions of this program with the OpenSSL library under certain
-# conditions as described in each individual source file and distribute
-# linked combinations including the program with the OpenSSL library. You
-# must comply with the Server Side Public License in all respects for
-# all of the code used other than as permitted herein. If you modify file(s)
-# with this exception, you may extend this exception to your version of the
-# file(s), but you are not obligated to do so. If you do not wish to do so,
-# delete this exception statement from your version. If you delete this
-# exception statement from all source files in the program, then also delete
-# it in the license file.
-
-global:
-    cpp_namespace: "mongo::crypto"
-
-imports:
-    - "mongo/idl/basic_types.idl"
-
-structs:
-    JWK:
-        # RFC 7515 Section 4
-        description: JSON Web Key
-        fields:
-            kty:
-                description: Key type
-                type: string
-                cpp_name: type
-            kid:
-                description: Unique Key ID
-                type: string
-                cpp_name: keyId
-
-            # RSA specific fields
-            n:
-                description: Modulus of the RSA Key
-                type: base64urlstring
-            e:
-                description: Public key component of the RSA Key
-                type: base64urlstring
-
-    JWKSet:
-        # RFC 7517 Section 5
-        description: A set of JSON Web Keys
-        fields:
-            keys:
-                description: The JWK objects
-                type: array<JWK>
-
-
diff --git a/src/mongo/crypto/rsa_public_key.cpp b/src/mongo/crypto/rsa_public_key.cpp
index 5e63377bea7..76390e44606 100644
--- a/src/mongo/crypto/rsa_public_key.cpp
+++ b/src/mongo/crypto/rsa_public_key.cpp
@@ -28,24 +28,22 @@
  */
 
 #include "mongo/crypto/rsa_public_key.h"
-#include "mongo/crypto/jwt_types_gen.h"
+
+#include <iterator>
+
+#include "fmt/format.h"
+#include "mongo/base/string_data.h"
 #include "mongo/util/base64.h"
 
 namespace mongo::crypto {
-namespace {
-std::vector<std::uint8_t> vectorFromCDR(ConstDataRange cdr) {
-    return {cdr.data(), cdr.data() + cdr.length()};
-}
-}  // namespace
 
-RsaPublicKey::RsaPublicKey(StringData keyId, ConstDataRange e, ConstDataRange n)
-    : _keyId(keyId.toString()), _e(vectorFromCDR(e)), _n(vectorFromCDR(n)) {}
-
-void RsaPublicKey::appendToBSON(BSONObjBuilder* builder) const {
-    builder->append(JWK::kTypeFieldName, "RSA"_sd);
-    builder->append(JWK::kKeyIdFieldName, _keyId);
-    builder->append(JWK::kEFieldName, base64url::encode(_e.data(), _e.size()));
-    builder->append(JWK::kNFieldName, base64url::encode(_n.data(), _n.size()));
+RsaPublicKey::RsaPublicKey(StringData keyId, StringData e, StringData n)
+    : _keyId(keyId.toString()) {
+    fmt::memory_buffer eBuffer;
+    base64url::decode(eBuffer, e);
+    std::copy(eBuffer.begin(), eBuffer.end(), std::back_inserter(_e));
+    fmt::memory_buffer nBuffer;
+    base64url::decode(nBuffer, n);
+    std::copy(nBuffer.begin(), nBuffer.end(), std::back_inserter(_n));
 }
-
 }  // namespace mongo::crypto
diff --git a/src/mongo/crypto/rsa_public_key.h b/src/mongo/crypto/rsa_public_key.h
index ea8d78f3a24..e5773d2af33 100644
--- a/src/mongo/crypto/rsa_public_key.h
+++ b/src/mongo/crypto/rsa_public_key.h
@@ -29,16 +29,11 @@
 
 #pragma once
 
-#include <string>
-#include <vector>
-
 #include "mongo/base/data_range.h"
 #include "mongo/base/string_data.h"
-#include "mongo/bson/bsonobj.h"
-#include "mongo/bson/bsonobjbuilder.h"
+#include "mongo/util/base64.h"
 
 namespace mongo::crypto {
-
 /**
  * Provides an interface for managing parameters to an RSA signing operation.
  * Note that this key contains public material only, and is not suitable for decryption.
@@ -50,7 +45,7 @@ public:
      * The RSA operation parameters of {E} and {N} must be passed as Base64URL encoded values (RFC
      * 4648 §5).
      */
-    RsaPublicKey(StringData keyId, ConstDataRange e, ConstDataRange n);
+    RsaPublicKey(StringData keyId, StringData e, StringData n);
     std::size_t getKeySizeBytes() const {
         return _n.size();
     }
@@ -67,17 +62,10 @@ public:
         return _keyId;
     }
 
-    void appendToBSON(BSONObjBuilder* builder) const;
-    BSONObj toBSON() const {
-        BSONObjBuilder builder;
-        appendToBSON(&builder);
-        return builder.obj();
-    }
-
 private:
-    std::string _keyId;
     std::vector<std::uint8_t> _e;
     std::vector<std::uint8_t> _n;
+    std::string _keyId;
 };
 
 }  // namespace mongo::crypto
diff --git a/src/mongo/crypto/rsa_public_key_test.cpp b/src/mongo/crypto/rsa_public_key_test.cpp
index 72aaf3a41cc..8b61773c037 100644
--- a/src/mongo/crypto/rsa_public_key_test.cpp
+++ b/src/mongo/crypto/rsa_public_key_test.cpp
@@ -47,10 +47,7 @@ TEST(RSAPublickKeyTest, rsaKeyDecode) {
         "wjUu3HKsKPdIPqjf6zdrgv8W3OySt-QSFVBy_OQXraZ2wA7gJPyPmNhBr8L9M3AYRS_"
         "E1XRpsldMSrIe8bfxGyP2B9txiUQXIycWLC-e172SPjAjdUyaK3YLqGRtki6EgQ3qlzRPjoQheE-"
         "r3l62UaaAgHOo6FercdjdsIzT2-vhqZMQk59WhGuvygymiLw"_sd;
-
-    auto eStr = base64url::decode(e);
-    auto nStr = base64url::decode(n);
-    RsaPublicKey key(keyID, {eStr.c_str(), eStr.size()}, {nStr.c_str(), nStr.size()});
+    RsaPublicKey key(keyID, e, n);
 
     std::string strE;
     strE.assign(key.getE().data(), key.getE().length());